ABSTRACT

Information  Warfare  (IW)  doctrine  is  experiencing  tremendous  growth  partially  as  a 
result  of  its  spectacular  performance  in  Desert  Storm.  Supporting  IW  in  Desert  Storm, 
Command  and  Control  Warfare  (C2W)  strategy  helped  lead  the  way  to  success. 

However, coalition achievements were due in part to Iraq's lack of understanding of C2W.
Future operational commanders must not only tackle the expanding role of C2W, but
should use IW's latest tool, Network Warfare (Netwar), to their advantage. Netwar
complements C2W, because it augments the commander's offensive toolbox while
expanding C2W's defensive strategy. While offensive C2W primarily targets the enemy's
military electronic spectrum, offensive Netwar targets the enemy's military/civilian
computer controlled networks and information systems. The power to affect these
networks isn't a panacea leading to "bloodless" conflict, but it can give the commander a
significant force enhancer. As the most recent arrival on the "electronic" battlefield,
Netwar not only provides the commander with several offensive options (from physical
destruction to degrading system performance to favorably affecting output information), it
reinforces defensive C2W by emphasizing the breadth and depth of today's modern
military dependence on computer networks while providing defensive strategy options
which complement and expand existing C2W defensive strategy.

Commanders must realize that using some of the Netwar options detailed in this paper
requires coordination and approval from senior command authorities, perhaps as high as
the NCA. However, planning for these effective options is a direct responsibility of the
commander. Thoughtful planning will reveal not only the value of Netwar, but it will
highlight equipment, training, strategy and policy shortfalls that must be met by either
supporting CINCs or other agencies. Failure to plan and execute effective offensive and
defensive Netwar, in both peace and wartime, may give an opponent using Netwar the
potential to significantly enhance their forces while taking away an effective force
multiplier from the friendly commander.


Network  Warfare:  It’s  Not  Just  For  Hackers  Anymore 


Introduction

"A General who...campaigns...in a...populated country, and has no information, is ignorant of his calling."

Napoleon Bonaparte

Knowledge, and the desire to control it, is not new to warfare. Though analysts hail Desert
Storm as the first "information war", in reality, information exploitation is easily traced back
to the Mongols. They controlled the enemy by feeding them false information about the
disposition of their forces. For example, in Khwarizm (an area approximated by today's Iran),
the ruler Muhammad Ali Shah was so confused by the Mongols' control of troop information
that he fled without a fight, allowing the Mongols to achieve victory by default. From
Hannibal, to Napoleon, to Eisenhower, history constantly highlights the commander who
understands the power of information. But Desert Storm is not just another example of
information control effectively applied to warfare; it is a watershed event because of the
prominent role Information Warfare (IW) held among the other facets of warfare (air, land,
sea, and space power). Desert Storm senior commanders were surprised by their dependence
on networked computer systems. This "surprise" was simply commanders carrying the war
to a new high ground—gaining not only air, land, sea, and space superiority, but information
superiority. Indeed, experts posit that IW had such a huge impact on Desert Storm it should
be recognized as a fifth facet of warfare. What made Desert Storm such a watershed for IW?
The answer lies in a silicon chip the size of a quarter.

This  paper  intentionally  focuses  only  on  Network  Warfare  (Netwar),  a  subset  of  IW. 
Netwar  is  a  logical  next  step  in  the  expanding  scope  of  IW  concepts.  This  paper  emphasizes 
the  potential  of  this  tool,  using  IW  examples  as  a  basis  while  exploring  potential  options  this 
tool  gives  the  commander.  Operational  commanders  must  comprehend  Netwar,  and  use  it  as 
an  offensive  "weapon"  while  preparing  defenses  against  enemy  attacks.  Without  effective 
Netwar, the commander denies friendly troops a great force multiplier while unnecessarily
exposing  those  same  troops  to  unneeded  risks. 


Background

"Desert Storm was where an ounce of silicon...may have had more effect than a ton of uranium."

Col.  Alan  D.  Campen,  USA,  Ret. 

The  growth  of  IW  and  its  supporting  Command  and  Control  Warfare  (C2W)  strategy  is 
based  on  a  simple  concept:  the  commander's  need  to  increase  the  power  of  friendly  assets 
while  denying  the  enemy  the  same.  One  answer  to  this  "need"  is  manipulating  information. 
Before  electronics,  information  was  physically  recorded  or  memorized  and  then  relayed  to 
commanders.  This  information,  slow  and  often  dated,  nevertheless  had  the  potential  to  give 
commanders  a  battlefield  advantage.  Its  value  depended  on  whether  the  information  was 
correct  and  used  before  the  enemy  could  counteract.  With  computers,  the  concept  of 
controlling  the  vast  sea  of  information  to  one's  advantage  has  become  so  critical,  the  U.S. 
devotes extensive resources to the study and development of IW concepts.

A computer network, and its power to enhance both weapon and non-weapon assets, is a
valuable new source of power for the commander. This "tool" increases the quantity, quality
and variety of information to the commander and improves performance. Computers also
have another power beyond direct military support: computers now directly control large,
complex machine systems as well as military and civilian support systems. Modern society
and military forces have become extremely dependent on this capability. The shift from the
old military-industrial complex to the new military-civilian computer complex forces this
increased reliance on automated information and blurs the line between military and
civilian systems. Computers have the ability to effectively manage the highly integrated,
enormous battle-space involved in today's campaigns as well as cheaply control the society's
machinery and civilian infrastructure supporting these military ends.

The  Concepts  of  Netwar 

"The  whole  thing  boils  down  into  control;  power  in  all  its  forms." 

George  A.  Purse 

DOD Directive 4600.4 levies commanders to attack enemy perceptions, decision processes
and control mechanisms; in short, all aspects of a society: political, economic, and military.
In developing support for this directive, the School of Information Warfare and Strategy at Ft.
McNair in Washington perhaps describes the scope of IW best: "While (IW) is ultimately
military in nature, IW is also waged in political, economic, and social arenas and is applicable
over the entire national security continuum from peace to war and from 'tooth to tail'." As a
new IW tool, Netwar shows its maximum potential in this "tail" described above. Netwar is
conducting offensive and/or defensive operations on military or civilian non-weapons
computer networks to gain a military advantage. As with any new facet of warfare, its
definition is incomplete and overlaps with other IW definitions and concepts. But, just as
the W.W.II propeller-driven aircraft gained potential with the advent of the supercharger, so
IW gains new potential through Netwar. In a nutshell, Netwar is tomorrow's computer-based,
information-related conflict between either nations, organizations, or societies.

The Tofflers, in their book War and Anti-War, envision the future of American conflicts.
They feel societies fight the same way they make money, and as America moves from an
industrial to an information economy, DOD will depend more on information dominance.
Commanders need to understand this concept and capitalize on the potential of Netwar, for
computer networks make a critical impact on every facet of military and civilian operations.

Netwar  isn't  an  end,  it  is  merely  a  means  to  an  end.  The  goal  of  Netwar,  whether  offensive 
or  defensive,  is  to  give  the  commander  an  advantage.  To  do  this,  Netwar's  operational 
concept  focuses  on  defending  friendly  computer  network  assets  while  exploiting  the  enemy's. 
Since  resources  and  time  are  limited,  Netwar  planners  must  also  provide  the  commander  with 
priorities,  so  he/she  can  select  and  use  Netwar  to  maximize  its  impact  on  a  particular  Course 
Of Action (COA). Additionally, Netwar is not just a wartime operation. It must be
conducted in peacetime to prepare the battlefield for a possible engagement and, much like
peacetime intelligence activities, help the commander prepare for or possibly avert conflict.
Not only is the West worried: Russia's President Yeltsin and Defense Minister Kokoshin have
repeatedly written and spoken about their concerns over potential enemy action on their
information systems. China, Israel, Australia, Germany, and Canada have followed Russia's
lead and are all very busy enhancing systems and building emerging Netwar strategies.

In  offensive  Netwar,  the  commander  seeks  dominance  over  the  enemy's  computer 
information  and  control  systems  using  a  myriad  of  tools.  The  commander  can  attack  either 
the  physical  computer  network,  its  supporting  structure,  or  a  product  of  the  network.  The 
attack  mode  can  be  overt  or  covert  and  consists  of  either  a  hard  or  soft  kill.  It  can  directly 
impact  the  immediate  battle  or  affect  the  enemy  commander's  conduct  of  future  engagements. 

Defensive Netwar helps the commander get "trusted" information by protecting computer
hardware and its infrastructure, providing secure communication links and, when required, an
encryption/decryption capability. Defensive Netwar also depends on "reliable" software and
firmware, and an ability to detect, correct and/or recover from attacks. "Trusted" information
is the goal, but when "trust" is violated, defensive Netwar must notify the commander and
provide him/her with alternate means of gaining "trusted" information again.

Netwar is not "bloodless" warfare as envisioned by some futurists. With other tools, it
may help avert a conflict by putting the enemy at a real or perceived disadvantage, or perhaps
lessen casualties by providing swifter means to victory—but it is not a panacea. Also, Netwar
can neither defeat all networks nor defend against all attacks. However, effective offensive
Netwar can significantly decrease the enemy's confidence in their information or allow the
friendly commander to manipulate the enemy, while effective defensive Netwar can protect
friendly assets and increase the reliability of friendly information.

Netwar at the Operational Level

"Gen. Schwarzkopf generated only a tenth of the total message traffic."

Signal  Magazine 

Netwar  holds  tremendous  power  for  the  commander,  as  well  as  tremendous  potential  for 
disaster.  In  Desert  Storm,  the  "brilliant"  IW  successes  for  the  coalition  overshadowed  two 
critical  elements  that  won't  exist  in  future  conflicts.  First,  time  allowed  the  coalition  to  find 
serious  network  deficiencies  and  fix  them.  Second,  and  most  critical,  Iraq  did  not  use  Netwar 
because  it  lacked  effective  technology  and  strategy.  This  lack  of  Iraqi  action  and  its 
consequences are lessons that won't be lost on future adversaries. Just as the coalition learned
from  Desert  Storm,  new  foes  are  also  "going  to  school"  to  avoid  the  Iraqi  disaster. 

The commander must plan for possible Netwar action in every COA, even in light of an
apparently unsophisticated enemy. Netwar, especially offensive Netwar, is a skill that is easily
"hired" by a potential adversary. It doesn't take tremendous capital or complicated
machinery: Robert Morris, a hacker, brought down a 7,000 unit "secure" American system
with an Apple IIe and a 1200 baud modem. Commanders must prepare for effective
defenses against Netwar during peacetime and practice those plans, regardless of the foe's
Netwar "readiness". But Netwar is not just hooking up a PC to a telephone and frying
computers or wreaking havoc with a power-grid. Netwar, if not properly handled, can have
unintended and severe consequences. Planning must be centralized and coordinated at the
operational level. Decentralized planning could lead to disaster for the friendly forces.


The Realities about Computers and Networks

"On 15 January 1990, 50% of AT&T's long distance switching system died—due to 13 lines of hacker code. It took 9 hours to pour through millions of lines of code before the problem was solved."

Law And Disorder on the Electronic Frontier


Commanders must face reality: any computer-controlled system can be affected. The
concept of an "impenetrable" system is a mirage. For example, in the 1980s, a hacker
defrauded a major U.S. bank of millions by simply cutting thin "salami slices" from millions of
daily bank transactions. This activity was conducted on a "100% secure" banking network.
If the computer is relatively secure, there are alternatives. Secondary sources (keyboard
emissions, CRT radiation, or printer heads striking paper) can be intercepted. Something as
simple as tertiary "reflective" computer emissions bouncing off innocent hardware (like
doorknobs or the neutral wire of a wall outlet) is susceptible to interception.

Another reason computer systems are vulnerable is that they are now very complex,
requiring constant maintenance. To illustrate, software developed for the Space Shuttle
motor and hydraulic control systems (the Space Shuttle is the world's most complicated
mechanical device) has 420,000 lines of code. A simple modern DOD "comm" package needs
1.5 million lines of code. These huge programs, just like anything built by humans, have
flaws. "High Quality" software may contain one error per 1,000 lines of code. According to
E.W. Dijkstra, a leading U.S. software engineer, testing for bugs "...can only show the
presence of bugs, never their absence." NORAD and similar sized systems have computer
codes with as many as 40,000 errors, yet they are still considered "reliable". To maintain
these systems, software is constantly upgraded. This critical maintenance is where planners
can easily affect the system and get into a "secure" system. There are also other means, such
as remote modem access through an "unsecured server" and hardware manipulation. The
bottom line is clear—systems are reachable; the only variables are how much time and
resources it takes. The military's "Tempest" systems aren't immune either: Pengo, a West
German computer hacker, sold American military secrets to the USSR. He repeatedly broke
into Tempest computers at MIT, Jet Propulsion Labs, Union Carbide, Mitre, Redstone, and
the Pentagon.24

Netwar  Potential:  On  the  Offense 

In  the  first  30  hours  of  Desert  Storm,  U.S.  troops  got  1.3  million  electronic  messages.  "It  was  overload." 

Maj.  Gen.  Paul  K.  Van  Riper,  USMC,  assistant  chief  of  staff  for  C4I 

Offensively, Netwar must support the friendly commander's ability to affect the enemy's
decision cycle, often referred to as the Observe, Orient, Decide, Act (OODA) Loop.
Commanders must develop what Ryan et al. describe in their research as an "...information
Order of Battle..." defining systems, networks and facilities as to their usefulness as targets;
giving them a level-of-effort; and allocating either organic resources or upchanneling requests
for resources from other commanders, federal agencies, or even foreign governments.

First, the commander must determine the goal of offensive Netwar. Goals must be defined
before targets or levels-of-effort are selected. Netwar is not destroying the enemy's computer
systems. Effective Netwar gives the commander tools to achieve goals on his "battlefield".
When contemplating Netwar, commanders should ensure staffs integrate Netwar goals into
overall theater objectives. Offensive Netwar involves intercepting, manipulating, controlling,
disrupting, corrupting, or destroying the enemy's information capabilities and/or systems.

Once goals are determined, the next step is selecting the target and appropriate
level-of-effort. Target selection goes well beyond the physical computer system itself: target selection
must consider what the computer system actually controls or supports. Just because an
enemy computer system is vulnerable does not define it as a worthy target. In future conflicts,
the NCA may direct efforts against enemy credit systems, banks, or industrial production; or
perhaps control of transportation, gas, power, water and sewage control systems; then
targeting the computers that operate those systems becomes an effective use of Netwar.
Also, indirect targets must be considered. Aside from hardware, firmware, software, input
data attacks, and output information manipulation, the people who operate/maintain these
systems are viable indirect targets. The foe's automated data processing personnel and
support technicians may cooperate with friendly efforts to gain success in Netwar. Also,
commanders must consider potential targets outside their Area Of Responsibility (AOR).
Computers, especially processor chips and network systems, are built by relatively few
manufacturers worldwide. If required, commanders must up-channel their needs to senior
leadership and they, in turn, should seek help from appropriate agencies. Gaining cooperation
from computer makers as they service and/or supply the enemy can go a long way in achieving
the commander's goals. To illustrate, computer components are now capable of either
degrading or completely failing automatically through a simple external command or after a
preset array of conditions is met.

Hand-in-hand with target selection is assigning a level-of-effort. Here, vulnerability and
the commander's ability to threaten that vulnerability must match. Commanders must allocate
offensive resources only where they have the best chance of achieving needed goals.
Levels-of-effort span from physical destruction to signals interception and modification; to ignoring,
modifying, invading, or disrupting either the computer, the network, or its support systems.

The choice of physical action, destroying the computer network, forces the enemy to
either act in the blind (as Iraq did) or rely on less sophisticated (and possibly more exploitable)
back-up systems.32 But destruction goes beyond traditional "bombing". Destruction includes
incapacitating internal components, interface systems, communications nodes, and/or affecting
support systems such as power supplies and conditioning equipment. Weapons include sound,
heat/cold, radar/magnetic energy, and light energy. Additionally, RF weapons, the
synchronous pulsing of electromagnetic energy, are particularly effective weapons because
they destroy the computer but leave the structure unaffected. At the high end of the RF range
is the Electromagnetic Pulse (EMP) created by a nuclear blast. However, a "poor man's"
EMP is simply a surge in the computer's power supply. Both are effective.

When considering physical destruction, commanders must continually look beyond the
immediate benefits of such action and create a balance between combat needs and the long
term responsibilities during war termination and post-conflict reconstitution. Following a
common sense principle of war, Netwar must achieve its goals with the minimum of damage.
The systems a commander affects to his/her advantage during the opening shots may be the
very systems the commander needs in war termination and post-conflict reconstitution. To cite
an old friend of battle theory, Clausewitz continually emphasized the need for commanders to
not take the first step until the last step has been contemplated. As an example, complete
destruction (bombing) of an enemy's communication, banking, and transportation system
(when simple degradation would have achieved the intended goal) only makes war termination
more difficult. Additionally, it severely affects the defeated foe's ability to reconstitute, adding
unnecessarily to post-conflict tensions. Avoiding "overkill" in Netwar is more critical than
avoiding unneeded physical destruction in C2W because unlike C2W, which targets primarily
military assets, Netwar targets systems that are either shared civil/military systems or totally
civilian resources. Some of these target categories, such as medical and pharmaceutical
control systems or computer systems controlling food supplies, transportation systems, public
utilities, banking centers and/or certain civilian production facilities, are "gray" legal areas.
These target categories must be carefully screened by legal advisors. Additionally,
commanders must assess the legality as well as the cost-to-benefit ratio of attacking these
systems as they impact not just the progress of the military campaign, but the effect on
continued political support from the U.S. public, elected representatives, and coalition
members. To dramatize this point, destroying a "bar code" data base in the enemy's food
production infrastructure may help the friendly commander by disrupting logistics supplies to
enemy troops, but if it also creates a CNN news-scoop showing "starving children", the
long-term cost in public support may outweigh the immediate military benefit.

A highly preferred level-of-effort would simply degrade computer systems. By affecting
the computer's capabilities to perform consistently, Netwar goals are achievable without
physical destruction. This level-of-effort has several positive facets. Commanders can overtly
degrade the system; not destroying it, but destroying the enemy's trust in the system's
reliability. This has the compounding effect of tainting the enemy's trust in every one of its
computer systems, whether or not it was affected by U.S. action. Conversely, the computer
may be covertly intruded so the output is altered to the advantage of the U.S. commander, but
without the enemy commander's knowledge, thereby retaining the enemy commander's "trust"
in a system being manipulated by friendly forces. Included here are voice and data networks.
Not only are these high-value, but with over 4,000 telephone companies worldwide, this is a
target-rich environment. Another level-of-effort option is affecting the enemy's computer
output through software and/or input data manipulation; producing plausible outputs for the
enemy, but controlled by friendly assets. For example, positioning (modifying radio and
television signals), could disrupt the enemy's political power base or governmental control.
Envision a TV broadcast showing the enemy "retreating" or "surrendering". More
"traditional" invasive techniques include software attacks by any of the following means: a
Trojan Horse, worm, virus, logic bomb, and/or an Easter Egg (as in Tom Clancy's "Debt of
Honor") as well as a trap door. These hacker "legacies" have a definite value in Netwar.

A low-priority target may either be monitored or ignored. When monitoring, a commander
uses signals interception and modification to either gain information or deny the enemy its use.
For example, rendering an enemy's ciphered transmission useless denies it to the friendly
commander, but it does the same to the enemy. Finally, if a system is low priority, it should
be ignored. Ignoring low-value systems preserves friendly offensive assets while saving those
enemy systems for possible reassignment during war termination and reconstitution efforts.

Finally, the idea of information overload has its place in offensive Netwar. Overwhelming
systems with fed or perpetual-generating data seeks to either slow down legitimate computer
operations, incapacitate the network through gridlock, or cause the human filter receiving the
avalanche of output to become ineffective. Overwhelming the enemy gives the commander an
advantage; he/she can get around the enemy's OODA Loop faster than the enemy can itself.

Critical to offensive Netwar planning is an emphasis on coordination and effective timing.
This is where joint, centralized, and coordinated planning efforts are vital to success.
Redundant efforts are inefficient, waste resources, and create unneeded risks. Also,
coordination precludes situations where one "friendly" plans to affect a system while another
simultaneously requires the use of the same enemy system to achieve its mission goals. In
addition to internal coordination, commanders must weigh the cost-to-benefit ratio of
allowing coalition partners in on the planning efforts. How much information should be
shared with coalition partners is a tough issue; a current coalition partner may become
tomorrow's foe. A parallel dilemma is what to do with economic enemies who are political
friends. As an example, during Desert Storm France made Spot imagery commercially
available, even to Iraq. Smart force planning averted an information disaster on the eve of
ground operations. Finally, temporary alliances, such as the Desert Storm coalition with Syria,
require commanders to consider how much information is shared and what benefit is gained.
The Netwar plan must also emphasize timing. To illustrate, blinding the foe's communications
after the enemy used it for its intended purpose is pointless. On the other hand, blinding a
system too soon is just as pointless: it gives the enemy time to recover or seek alternate
routes for information. Coordinated, effective timing not only maximizes operational
success, but reduces the risk of Netwar "fratricide".

Another facet to Netwar planning is the need for constant peacetime exercises to check
validity. Potential COAs and enemies must be continually assessed. Opponents' cable
systems, relay towers, telephone switching nodes and exchanges, fiber optic and coaxial cable
runs must be continuously updated for location and use. Potential enemy computer
software, firmware, and hardware changes must be monitored to determine status and
potential vulnerabilities. This continuous monitoring is critical due to the pace of change in
computer technology. Today's Netwar plan can become instantly obsolete as a potential foe
upgrades its computer defenses or corrects physical security flaws. These operations should
be covert. Active peacetime operations give the commander the power to put systems and
options "in place" prior to a conflict. In fact, peacetime Netwar gives the commander options
that could prevent war. Well placed logic bombs and latent viruses can threaten the foes' civil
and military computer operations if they start action against U.S. interests.

Finally,  just  like  a  child  who  dismantles  his  dad's  radio  with  no  clue  on  reassembly,  reckless 
Netwar  without  a  plan  for  post-conflict  reconstitution  is  extremely  counter-productive.  The 
goal  is  to  reasonably  restore  the  systems'  performance,  while  retaining  the  ability  to  conduct 
future  Netwar  action  if  needed.  To  reconstitute  every  affected  enemy  computer  after  a  large 
scale  action  would  take  more  work  than  resources  allow.  Therefore,  planners  must  prioritize 
which  systems  get  restored  and  to  what  level.  To  meet  this  goal  efficiently,  pre-conflict 
planning must include documentation of all friendly "attack" actions, leaving an audit trail for
the reconstruction engineers to follow. Also, the concept of achieving goals with minimum
damage to the enemy's systems will significantly ease the reconstitution effort. Basic service
systems (communications, power, gas, water, sewer, and transportation) should receive top
priority; they should either be restored or (if physically destroyed in war) replaced. Secondary
efforts should rebuild the economy (banking systems, production and inventory systems) as
well as internal security. Replacement and restoration present the U.S. commander with a
unique opportunity to configure the reconstituted system(s) to his/her advantage for a future
potential Netwar option; this valuable tool should not be overlooked.
Netwar on the Defense


"Hackers from Denmark, Russia, and Iraq tried to penetrate Desert Storm military computer systems."

William Matthews, news correspondent

An attack on U.S. computer systems is "assured" during the next conflict, with high
probability of "hits" on both the "secured" systems and less defended support computer
systems. Effective defense requires an assessment of the friendly systems' vulnerabilities as
well as the enemy's potential to threaten that vulnerability. If both conditions exist, and the
system is vital, commanders must protect it. There is a tradeoff with security: commanders
must accept inefficiencies with high security levels; compartmentalized data and/or computers
are relatively tight, but slower than comparable "unsecured" systems. They must also guard
against computer security discipline sliding during the heat of battle as workers rush to gather
critical information. Regardless of human frailty under fire, planning for defensive Netwar
must proceed and include four levels: prevention, detection, limitation, and recovery.

Finally,  defensive  Netwar  must  be  coordinated  with  C2W  defensive  efforts—the  two  are 
closely  linked  on  defensive  efforts  and  can  easily  share  vital  resources  and  options. 

Prevention is first. It involves the physical layout and construction/composition of the
computer facilities, including modulated power or Uninterruptible Power Supply (UPS); its
supporting computer security architecture; as well as the internal policies implementing the
preventative measures. When planning defensive Netwar, security must also extend to the
entire system, not just to the command section. To illustrate, Saudi Arabia had a limited
secure network infrastructure. The first Defense Satellite Communications System dish in
Saudi Arabia was bolted on the roof of the Saudi Defense Ministry building with cables
running down the outside walls. Although armed guards protected against unauthorized
physical access to the building, the cable radiated sensitive communication signals, an easily
intercepted source.

Operational security may require data encryption. Though encryption has obvious
benefits, there are costs and risks. First, encryption/decryption uses sophisticated equipment,
can only be performed at specified sites, and consumes vital resources. Also, encryption
indirectly alerts the enemy that you have something worth hiding. This makes encryption
assets priority targets for disruption, interception, or destruction. Also, encryption personnel
are at risk, requiring a higher level of personnel security for these vital human resources.
Prevention may also use a trusted third party to audit usage and hard-copy (notarize) each
access. Hard-copy audit trails also make recovery work easier: most unauthorized break-ins
bring with them a clean-up device that erases any electronic audit trail.

Surprisingly to some, many "secure" systems are invaded not because security is
defective, but because operators do not use it. From "dumpster diving" for ID/Password
keys, to leaving secure components unsecured, to connecting unsecured components to secure
devices, to deliberately disabling security features to save time, security breaches are a people
problem as much as a systems issue. A Defense Information Systems Agency study claimed
that effective human defensive actions could prevent/detect 80% of illegal computer "hits".
Security items like dial back, ID/Password requirements, data file password protection, file
access restriction, and third party ID authentication & verification are useless if not
consistently applied or if purposely circumvented. When allocating resources for physical
security, the commander would be wise to follow commercial sector security examples.

Major corporations spend up to 68% of their security budget on education, not hardware.
Recent USAF conferences on IW have emphasized the criticality of proper training and
education. This emphasis directly reflects the security concerns of the USAF's chief trainer,
Gen. Henry Viccellio Jr., Commander, Air Education and Training Command. This
education must involve not only U.S. DOD personnel, but U.S. government workers and
contractors as well as coalition and allied personnel. The following illustrates the lack of
physical security training and education. During Desert Storm, in the Saudi AOR, 3,000
personal computers were connected to the U.S. mainland via network, with many connections
made "...outside the security envelope, creating an enormous exploitation risk." Coalition
forces were lucky, because these opportunities were lost by Iraq, opportunities the next foe
will not pass up. Although operational commanders are not directly involved in these
training issues, they must continually assess their force's "Netwar readiness" and relay training
needs back to the supporting commanders. To illustrate, Gen. Dwight Eisenhower was so
hampered by a lack of skilled radio intercept and deciphering experts, he physically created a
specialty within the Army Signal Corps to address this WWII version of IW. Finally,
commanders must also weigh security risks against operational rewards when developing
networks with hastily organized coalitions, like the U.S. did in Desert Storm.

Next, detection is critical for maintaining the commander's "trust" in the information. If a
system is tampered with, friendly forces must know the output information is probably corrupt
and must either work without that data or seek alternate information paths. Systems with a
baseline can perform automatic or directed comparison checks (parity checks) to detect
fraudulent operations. Another prevention measure includes a system that continuously
monitors or "snoops" for unauthorized hits. The sensitivity of these monitors is adjustable
and customized to meet the threat. These "snooping" programs are programmed to alert only
after a predetermined set of trigger events or flags occur, but these security applications only
work if applied. Slack application of parity checks at the General Electric Missile & Space
Division in Valley Forge, PA compromised sensitive DOD information. The same can be said
for NORAD operations during periods in the 1980's.
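
An added example, not part of the original paper, of the two detection measures this paragraph describes: a comparison against a recorded baseline and a monitor that alerts only after a set number of trigger events. It substitutes SHA-256 digests for the paper's parity checks, and the file names, terminal names, event kinds and thresholds are constructed for illustration.

```python
import hashlib
from collections import defaultdict, deque

def fingerprint(files):
    """Record a baseline: map each file name to the SHA-256 of its contents."""
    return {name: hashlib.sha256(data).hexdigest() for name, data in files.items()}

def compare_to_baseline(baseline, current):
    """Comparison check: list what differs from the trusted baseline."""
    return {
        "modified": sorted(n for n in baseline if n in current and baseline[n] != current[n]),
        "missing": sorted(n for n in baseline if n not in current),
        "added": sorted(n for n in current if n not in baseline),
    }

def run_monitor(events, threshold, window):
    """Alert when one source produces `threshold` failed logins within `window` seconds."""
    recent = defaultdict(deque)
    alerts = []
    for ts, source, kind in events:
        if kind != "LOGIN_FAIL":
            continue
        q = recent[source]
        q.append(ts)
        while ts - q[0] > window:      # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            alerts.append((ts, source))
            q.clear()                  # start counting a fresh burst
    return alerts

# Constructed sample data (not from the paper).
BASELINE = fingerprint({"routing.tbl": b"route A via node 1\n",
                        "orders.db": b"unit=3 status=ready\n",
                        "acl.cfg": b"allow ops\n"})
CURRENT = fingerprint({"routing.tbl": b"route A via node 1\n",
                       "orders.db": b"unit=3 status=standdown\n",
                       "helper.bin": b"\x00\x01"})
EVENTS = [(0, "terminal-A", "LOGIN_FAIL"), (10, "terminal-B", "LOGIN_FAIL"),
          (20, "terminal-A", "LOGIN_FAIL"), (25, "terminal-A", "LOGIN_OK"),
          (40, "terminal-A", "LOGIN_FAIL"), (300, "terminal-B", "LOGIN_FAIL"),
          (900, "terminal-B", "LOGIN_FAIL")]

if __name__ == "__main__":
    print(compare_to_baseline(BASELINE, CURRENT))
    print("strict: ", run_monitor(EVENTS, threshold=2, window=600))
    print("default:", run_monitor(EVENTS, threshold=3, window=60))
    print("lax:    ", run_monitor(EVENTS, threshold=4, window=60))
```

The same event stream yields two alerts, one alert or none depending on the threshold and window chosen, which is the sensitivity trade-off the paragraph points to.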

Another detection issue is handling stimuli, or induced information overload. It can render
a computer stupid, or cause significantly degraded performance. Thus the coalition OODA
Loop is slowed, forcing potentially bad decisions. Here, the commander counters with
"sniffers" that detect/counter stimuli before it overwhelms. Another defensive strategy that
increases the commander's "trust" is setting up parallel systems with different hard/software
and communications circuits as well as unlike operating systems (Apple System 7 parallel with
a DOS system). This significantly complicates an enemy's tampering efforts.

If  detection  spots  who  is  getting  inside  a  computer  system,  limitation  (firewalls)  seeks  to 
restrict  the  amount  of  movement  available  once  inside.  Commanders  must  stick  to  tough 
compartmentalization of sensitive operations, even if it causes operational inefficiencies. Also,
isolating  highly-sensitive  computer  assets  from  networks  either  permanently  or  when  not 
actively  engaged  in  network  operations  increases  the  system's  integrity. 

Finally,  recovery  provides  the  commander  a  way  to  reconstitute  operations  after  the 
inevitable  enemy  attack.  Recovery  is  a  mandatory  part  of  defensive  Netwar.  Commanders 
that  ignore  this  vital  fallback  position  will  pay  the  penalty  in  future  conflicts.  Recovery  may 
entail  off-site  data  and/or  computing  back-up;  special  recovery  software  designed  to  rebuild 
lost,  damaged  or  deleted  files;  or  emergency  (manual)  information  back-up  systems  that  aren't 
dependent  on  computers  for  control  or  execution.  Commanders  can  appreciate  the  need  for 
recovery  after  considering  that  over  95%  of  DOD  telecom  (voice  and  data)  is  provided  by 
public  networks  owned  by  common  carriers.  When  the  National  Information  Infrastructure  is 
completed,  it  will  use  these  same  utilities. 

Recommendations  and  Conclusion 

"The services put more electronic communications connectivity into the Gulf in 90 days than we put in Europe
in  40  years."  Gen.  James  S.  Cassidy,  director  of  C3  for  JCS 

There  is  a  danger  in  using  Desert  Storm  as  the  defining  moment  for  future  IW.  Before  the 
U.S.  grabs  this  one  experience  as  the  foundation  for  advanced  IW  operations,  the  U.S.  must 
understand  that  Desert  Storm  was  unique.  U.S.  operational  commanders  must  now  plan  to 
"...dominate the entire information spectrum" while our enemy does the same. Netwar
helps the commander achieve domination of the "entire" spectrum. Netwar takes IW deeper
into the enemy's homeland and risks more and more of its assets. Those who cling to
Clausewitz's concept of the limited role of technology need to consider its context. He wrote
when major technical revolutions occurred once every 50 to 100 years. We live in an age
when there is potential for major change every 24 months. To ignore offensive and
defensive Netwar gives the enemy an advantage that cannot be made up for in battle. To cite
George A. Furse, "Let it not be supposed that there is some occult means by which neglect in
peace could be atoned for in war."
Netwar also requires a new organizational paradigm. To fit this new tool into an
established way of operations could invite disaster. Much like the French failure to adapt the
machine gun in WWI, Netwar requires a modified structure. Netwar requires centralized
planning and "topsight" to ensure the assets are effectively used. During planning, this level
of supervision is needed because of the extreme sensitivity of Netwar. For several of the
target options, NCA approval may be needed. However, the actual execution must be
decentralized to the "shooters" at the keyboards and troop level so that the plan can maintain
flexibility during its hectic execution. Unlike Vietnam, where technocrats kept both command
and execution at ridiculously high levels, Netwar commanders must plan and coordinate, then
let go of the reins. Desert Storm offers a good comparison of the genesis of Netwar
planning and execution. Instead of a stovepipe, C2W (the "sister" to Netwar) used a flat,
inter-dependent organization where problems were discovered in Saudi, solutions developed
and coordinated stateside between military experts and civilian contractors, then corrective
action taken by defense logisticians over 7,000 miles from the desert.

Netwar is a "growth industry". Defense Information Systems Agency estimates over
900,000 illegal "hits" occurred in 1991 on federal computers, up from 395,000 in 1989.

This  threat  needs  its  own  expertise  base,  much  like  Eisenhower's  radio  cadre.  However,  to 
predict the precise future of Netwar and the demands it places on DOD is impossible; to
project trends is a bit easier. American society will continue to embrace technology, both its
good and bad sides. The military will naturally be drawn along on this trend, and as the
civilian/military  network  delineation  becomes  more  and  more  blurred,  America  can  anticipate 
increasing  vulnerability  to  Netwar.  Failure  of  the  operational  commander  to  anticipate, 
prepare  for  and  execute  Netwar  will  cost  the  commander  the  use  of  a  valuable  force  enhancer. 